
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 7

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free below; they are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 681

Question

When an employee is terminated from service, the MOST important action is to:

A. hand over all of the employee’s files to another designated employee.
B. complete a backup of the employee’s work.
C. notify other employees of the termination.
D. disable the employee’s logical access.

Answer

D. disable the employee’s logical access.

Explanation

There is a risk that a terminated employee may misuse access rights that remain active; therefore, disabling the terminated employee’s logical access is the most important action to take. All of the terminated employee’s work needs to be handed over to a designated employee, but only after choice D has been implemented. Likewise, the employee’s work needs to be backed up and other employees need to be notified of the termination, but neither of these should precede the action in choice D.

CISA Question 682

Question

Which of the following would BEST provide assurance of the integrity of new staff?

A. background screening
B. References
C. Bonding
D. Qualifications listed on a resume

Answer

A. background screening

Explanation

A background screening is the primary method for assuring the integrity of a prospective staff member. References are important and would need to be verified, but they are not as reliable as background screening. Bonding is directed at due-diligence compliance, not at integrity, and qualifications listed on a resume may not be accurate.

CISA Question 683

Question

From a control perspective, the key element in job descriptions is that they:

A. provide instructions on how to do the job and define authority.
B. are current, documented and readily available to the employee.
C. communicate management’s specific job performance expectations.
D. establish responsibility and accountability for the employee’s actions.

Answer

D. establish responsibility and accountability for the employee’s actions.

Explanation

From a control perspective, a job description should establish responsibility and accountability. This will aid in ensuring that users are given system access in accordance with their defined job responsibilities. The other choices are not directly related to controls. Providing instructions on how to do the job and defining authority addresses the managerial and procedural aspects of the job. It is important that job descriptions are current, documented and readily available to the employee, but this in itself is not a control. Communication of management’s specific expectations for job performance outlines the standard of performance and would not necessarily include controls.
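The two controls discussed in questions 681 and 683 (disable logical access on termination; grant access only in line with documented job responsibilities) are exactly what an IS auditor tests in a user-access review. The following is an added example, not part of the original page, of such a review in Python: it reconciles an HR extract against an account extract and reports enabled accounts belonging to terminated employees, entitlements that exceed what the job title’s role permits, and accounts with no HR owner at all. The role matrix, HR records, account records, usernames and entitlement names are all constructed sample data, not from any real system.

```python
"""
User-access review that reconciles HR records with provisioned accounts.
Added example; the role matrix, HR records and accounts are constructed
sample data, not from any real system.

Two audit tests, matching the two controls discussed above:
  termination  - an account that is still enabled although HR lists its
                 owner as terminated (logical access was not disabled)
  role         - an active employee holding entitlements that the role
                 derived from the job description does not permit
Plus one by-product of the reconciliation:
  orphan       - an account whose owner has no HR record at all
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, Iterable, List, Optional

# Constructed role matrix: job title -> entitlements the job description permits.
ROLE_MATRIX: Dict[str, FrozenSet[str]] = {
    "accounts payable clerk": frozenset({"erp_ap_entry", "email", "vpn"}),
    "accounts payable supervisor": frozenset({"erp_ap_approve", "email", "vpn"}),
    "sysadmin": frozenset({"ad_domain_admin", "erp_dba", "email", "vpn"}),
}


@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    job_title: str
    status: str                              # "active" or "terminated"
    termination_date: Optional[date] = None


@dataclass(frozen=True)
class Account:
    employee_id: str
    username: str
    enabled: bool
    entitlements: FrozenSet[str]


@dataclass(frozen=True)
class Finding:
    test: str          # "termination", "role" or "orphan"
    employee_id: str
    username: str
    detail: str


def review_access(hr_records: Iterable[HrRecord],
                  accounts: Iterable[Account],
                  as_of: date) -> List[Finding]:
    """Return one Finding per account that fails a test; empty list if clean."""
    hr = {r.employee_id: r for r in hr_records}
    findings: List[Finding] = []
    for acct in accounts:
        rec = hr.get(acct.employee_id)
        if rec is None:
            findings.append(Finding("orphan", acct.employee_id, acct.username,
                                    "no HR record for account owner"))
            continue
        if rec.status == "terminated":
            # Only an enabled account is a finding; disabled is the expected state.
            if acct.enabled:
                if rec.termination_date is None:
                    detail = "enabled although HR status is terminated (no date recorded)"
                else:
                    days = (as_of - rec.termination_date).days
                    detail = f"enabled {days} days after termination on {rec.termination_date}"
                findings.append(Finding("termination", acct.employee_id, acct.username, detail))
            continue  # the role test is not meaningful for a terminated employee
        permitted = ROLE_MATRIX.get(rec.job_title.lower())
        if permitted is None:
            findings.append(Finding("role", acct.employee_id, acct.username,
                                    f"job title {rec.job_title!r} has no entry in the role matrix"))
            continue
        excess = acct.entitlements - permitted
        if excess:
            findings.append(Finding("role", acct.employee_id, acct.username,
                                    f"entitlements beyond job description: {sorted(excess)}"))
    return findings


# Constructed sample input: an HR extract and an account extract as of 2024-03-15.
SAMPLE_HR = [
    HrRecord("E100", "Accounts Payable Clerk", "active"),
    HrRecord("E101", "Accounts Payable Supervisor", "active"),
    HrRecord("E102", "Sysadmin", "terminated", date(2024, 3, 1)),
    HrRecord("E103", "Accounts Payable Clerk", "terminated", date(2024, 2, 15)),
]
SAMPLE_ACCOUNTS = [
    Account("E100", "jdoe", True, frozenset({"erp_ap_entry", "email", "vpn"})),
    Account("E101", "asmith", True, frozenset({"erp_ap_approve", "erp_ap_entry", "email", "vpn"})),
    Account("E102", "rlee", True, frozenset({"ad_domain_admin", "email", "vpn"})),
    Account("E103", "pkim", False, frozenset({"erp_ap_entry", "email", "vpn"})),
    Account("E999", "svc_backup", True, frozenset({"erp_dba"})),
]


def run_sample() -> List[Finding]:
    return review_access(SAMPLE_HR, SAMPLE_ACCOUNTS, as_of=date(2024, 3, 15))


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.test}] {f.employee_id}/{f.username}: {f.detail}")
```

Run against the sample data, the review reports three findings: the supervisor asmith holds `erp_ap_entry` beyond what the role permits, the terminated sysadmin rlee still has an enabled domain-admin account fourteen days after the termination date, and `svc_backup` has no HR owner. The disabled account of the other terminated employee (pkim) produces no finding, which is the state the control in question 681 is meant to produce. In a real engagement the HR and account extracts would be exported from the HR system and the directory, and the role matrix would be built from the approved job descriptions.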

CISA Question 684

Question

An IS auditor identifies that reports on product profitability produced by an organization’s finance and marketing departments give different results. Further investigation reveals that the product definition being used by the two departments is different. What should the IS auditor recommend?

A. User acceptance testing (UAT) occur for all reports before release into production
B. Organizational data governance practices be put in place
C. Standard software tools be used for report development
D. Management sign-off on requirements for new reports

Answer

B. Organizational data governance practices be put in place

Explanation

This choice directly addresses the problem. An organization-wide approach is needed to achieve effective management of data assets. This includes enforcing standard definitions of data elements, which is part of a data governance initiative. The other choices, while sound development practices, do not address the root cause of the problem described.

CISA Question 685

Question

Responsibility for the governance of IT should rest with the:

A. IT strategy committee.
B. chief information officer (CIO).
C. audit committee.
D. board of directors.

Answer

D. board of directors.

Explanation

Governance is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly. The audit committee, the chief information officer (CIO) and the IT strategy committee all play a significant role in the successful implementation of IT governance within an organization, but the ultimate accountability resides with the board of directors.

CISA Question 686

Question

What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists?

A. Repeatable but Intuitive
B. Defined
C. Managed and Measurable
D. Optimized

Answer

B. Defined

Explanation

Defined (level 3) is the lowest level of the IT governance maturity model at which an IT balanced scorecard exists.

CISA Question 687

Question

The ultimate purpose of IT governance is to:

A. encourage optimal use of IT.
B. reduce IT costs.
C. decentralize IT resources across the organization.
D. centralize control of IT.

Answer

A. encourage optimal use of IT.

Explanation

IT governance is intended to specify the combination of decision rights and accountability that is best for the enterprise. It is different for every enterprise.
Reducing IT costs may not be the best IT governance outcome for an enterprise. Decentralizing IT resources across the organization is not always desired, although it may be desired in a decentralized environment. Centralizing control of IT is not always desired. An example of where it might be desired is an enterprise desiring a single point of customer contact.

CISA Question 688

Question

When implementing an IT governance framework in an organization the MOST important objective is:

A. IT alignment with the business.
B. accountability.
C. value realization with IT.
D. enhancing the return on IT investments.

Answer

A. IT alignment with the business.

Explanation

The goals of IT governance are to improve IT performance, to deliver optimum business value and to ensure regulatory compliance. The key practice in support of these goals is the strategic alignment of IT with the business (choice A). To achieve alignment, all other choices need to be tied to business practices and strategies.

CISA Question 689

Question

The MAJOR consideration for an IS auditor reviewing an organization’s IT project portfolio is the:

A. IT budget.
B. existing IT environment.
C. business plan.
D. investment plan.

Answer

C. business plan.

Explanation

One of the most important reasons for which projects get funded is how well a project meets an organization’s strategic objectives. Portfolio management takes a holistic view of a company’s overall IT strategy. IT strategy should be aligned with the business strategy and, hence, reviewing the business plan should be the major consideration. Choices A, B and D are important but secondary to the importance of reviewing the business plan.

CISA Question 690

Question

Which of the following is the MOST important element for the successful implementation of IT governance?

A. Implementing an IT scorecard
B. Identifying organizational strategies
C. Performing a risk assessment
D. Creating a formal security policy

Answer

B. Identifying organizational strategies

Explanation

The key objective of an IT governance program is to support the business; thus the identification of organizational strategies is necessary to ensure alignment between IT and corporate governance. Without identification of organizational strategies, the remaining choices, even if implemented, would be ineffective.